Lucene search

Veracode Vulnerability DatabaseVERACODE:47628

HistoryJun 19, 2024 - 5:58 a.m.

Path Traversal

2024-06-1905:58:11

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

path traversal

vulnerability

absolute path

archived artifacts

attackers

system files

software

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.6%

JSON

ai.djl,api is vulnerable to Path Traversal. The vulnerability is due to absolute path archived artifacts, allowing attackers to insert archived files directly into the system and overwrite system files.

CPENameOperatorVersion
deep java library - apile0.27.0
deep java library - apile0.27.0

CPE	Name	Operator	Version
	deep java library - api	le	0.27.0
	deep java library - api	le	0.27.0

References

github.com/deepjavalibrary/djl/pull/3075

github.com/deepjavalibrary/djl/releases/tag/v0.28.0

github.com/deepjavalibrary/djl/security/advisories/GHSA-w877-jfw7-46rj

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.6%

JSON

Related for VERACODE:47628